Security in 2017: Ransomware will remain king

2016 was the year of ransomware, with hackers focusing their attention on exploiting Internet users and businesses around the world for profit. According to the FBI, cyberextortion losses have skyrocketed and ransomware was on track to become a $1 billion a year crime in 2016.

Our research shows no sign of this security nightmare slowing down in 2017. Hackers are becoming more advanced, and ransomware remains an incredibly easy, lucrative way for them to make money. Unfortunately, the security community has only started to develop defenses that can protect Internet users from ransomware.

With the new year around the corner, security researchers at Malwarebytes Labs have compiled a list of predictions that encompass what new ransomware threats, developments, and opportunities they expect consumers and businesses will face in 2017.

Ransomware will become personal.

Most ransomware attacks today are indiscriminate. For the most part, cyber criminals issue ransomware at random, hitting anyone and everyone that they can. However, it’s increasingly likely that targeted ransomware attacks will become the new norm. If an attacker can recognize the difference between an enterprise and a consumer target, they will be able to adapt their ransom demands to match their victims. The intentions of attacks are also likely to become more personal. In addition to encrypting files, ransomware attackers will soon be threatening to post data or information on social media, or to expose it in an equally destructive way. As with most cyber attacks, ransomware will grow to take advantage of more human vulnerabilities.

Ransomware protection will become an investment.

Until this past year, companies and consumers had few solutions available to them to help detect and fight ransomware. Security researchers have been working hard to find decryptors of specific ransomware types so that they can effectively protect against them in the near future. However, when a ransomware descriptor is recognized, ransomware authors often tweak their attacks to avoid detection. As this cat and mouse game between security researchers and ransomware creators continues, more security vendors will debut anti-ransomware protection offerings. In fact, we predict that by the end of 2017 at least 50% of security companies will release some sort of ransomware detection and/or prevention software. Companies and consumers will both find themselves investing in new anti-ransomware security software in 2017.

Password managers will become a huge target.

In 2017, password managers, digital vaults where users store passwords and other authentication data, will become a huge target for cybercriminals. In fact, just last month, it was revealed that Apple’s new iOS 10 operating system has a potential security hole that could help hackers get access to passwords and other sensitive information. Hackers are apparently able to infiltrate Apple’s Keychain password manager. For a hacker, breaking into a network such as this can be incredibly fruitful. The top password managers are likely to find themselves under attack in 2017.

Attackers will pickpocket the digital wallet.

With the growth of financial and budget planning applications, the increased pervasiveness of new payment methods such as Apple Pay (which adds new wrinkles, such as making online payments through the phone), and the growing pervasiveness of cryptocurrencies (like Bitcoin, Litecoin, and Peercoin), there will be increasing attacks against applications, plugins, digital wallets, and the companies holding the authentication data that allows access to these digital currency streams. With the incremental adoption of each of these technologies, the potential windfall for a dedicated attacker increases. Soon it will be more than enough to attract organized criminals who previously flocked to the banking Trojans of the past. In fact, the first attacks may evolve from the original Zeus source code, the granddaddy of banking Trojans.

A new exploit kit will emerge as the top dog.

In recent months, we have witnessed several trends that hint that existing malware attacks are going “back to the basics.” For example, there has been a rise in the spread of malware attacks through email and phishing, while more sophisticated malvertising and exploit kit attacks have decreased. Companies and consumers have figured out how to block Java and Flash and are moving to HTML5, making it harder for the existing exploit kits to succeed in deploying malware through malvertising.

Since Angler EK disappeared in June 2016, several other exploit kits have been battling for the top spot. An underdog, RIG EK is now positioned to be the new leader, but it still relies on older vulnerabilities, all of which are easily prevented today. This opens up a massive opportunity for a new, sophisticated and dangerous exploit kit to emerge in the next year.

Malware will become engrained in tech support scams and attacks will increase, globally.

Tech support scams (TSS) have become incredibly advanced and dangerous over the last few years and most recently we have witnessed TSS deploying malware, and even extortionware. In 2017, TSS attackers will dive into this benefit headfirst and leverage the malware threat landscape more than ever before.

The IoT will thrust DDoS attacks into a new era.

In 2017, the Internet of Things (IoT) will perpetuate an evolution in how DDoS attacks are orchestrated. In September of 2016, we saw a DDoS attack like never before. Security blogger Brian Krebs found himself under attack by the biggest DDoS attack ever recorded, and sources emphasized that CCTV cameras wired to the Internet and other unsecured connected devices were leveraged by attackers to orchestrate the attack. Based on the sheer volume of devices that we have connected to the Internet today, the very real challenge of not being able to update or secure their firmware, and the ease with which these devices can be identified using both general (Google) and specialized (Shodan) search, the possibilities for DDoS attackers have exploded. We anticipate that we will see increasing attacks like the one that targeted Krebs, perhaps even targeting critical infrastructure such as the power grid or government communications.

Security will be the #1 priority for the boardroom.

In 2017, we anticipate that more security professionals will be asked to join company boards. The need to have someone technical with a background in security on your board is currently at an incredibly high premium—across all industries. This will only continue to grow over the next year, as we continue to watch it evolve as one of the top business and political priorities of our age.
